Getting Started with Device Trust
Getting Started with Teleport Device Trust
Device Trust requires the following two steps to be configured:

- Device enforcement mode must be configured, either through a role or through cluster-wide configuration.
- A trusted device must be registered and enrolled with Teleport.

In this guide, you will update an existing user profile to assign the preset `require-trusted-device` role, and then enroll a trusted device into Teleport to access a Teleport-protected resource (a test Linux server).

Prerequisites

- A running Teleport Enterprise cluster. If you want to get started with Teleport, sign up for a free trial or set up a demo environment.
- The `tctl` and `tsh` clients.

Installing `tctl` and `tsh` clients

Determine the version of your Teleport cluster. The `tctl` and `tsh` clients must be at most one major version behind your Teleport cluster version. Send a GET request to the Proxy Service at `/v1/webapi/find` and use a JSON query tool to obtain your cluster version. Replace with the web address of your Teleport Proxy Service:

```
$ TELEPORT_DOMAIN=
$ TELEPORT_VERSION="$(curl -s https://$TELEPORT_DOMAIN/v1/webapi/find | jq -r '.server_version')"
```

Follow the instructions for your platform to install `tctl` and `tsh` clients:

To enroll a macOS device, you need:

- A signed and notarized `tsh` binary. Download the macOS tsh installer.

To enroll a Windows device, you need:

- A device with TPM 2.0.
- A user with administrator privileges. This is only required during enrollment.
- The `tsh` client. Download the Windows tsh installer.

To enroll a Linux device, you need:

- A device with TPM 2.0.
- A user with permissions to use the `/dev/tpmrm0` device (typically done by assigning the `tss` group to the user).
- The `tsh` client. Install tsh for L
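
The client version rule and the Linux TPM prerequisite listed above can be checked before attempting enrollment. The script below is an added example, not part of the Teleport documentation: the function names are hypothetical, and treating a client that is newer than the cluster as out of range is an assumption the page does not state.

```shell
#!/bin/sh
# Added example: pre-enrollment checks for a Linux device.
# Usage: sh preflight.sh <client-version> "$TELEPORT_VERSION" [tpm-device]

# Print the major version of strings such as "v16.4.2" or "16.4.2-dev".
major_of() {
  v=${1#v}
  printf '%s\n' "${v%%.*}"
}

is_number() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Succeeds when the client is at most one major version behind the cluster.
# Assumption: a client newer than the cluster is also treated as out of range.
# Returns 2 when either version cannot be parsed.
client_version_ok() {
  client=$(major_of "$1")
  cluster=$(major_of "$2")
  is_number "$client" && is_number "$cluster" || return 2
  [ "$client" -le "$cluster" ] && [ "$client" -ge $((cluster - 1)) ]
}

# Succeeds when the TPM device node is a character device that the current
# user can read and write (typically granted through the tss group).
tpm_access_ok() {
  dev=${1:-/dev/tpmrm0}
  [ -c "$dev" ] || { echo "fail: $dev is missing or not a device node"; return 1; }
  [ -r "$dev" ] && [ -w "$dev" ] || { echo "fail: no read/write access to $dev (check tss group)"; return 1; }
}

preflight() {
  rc=0
  if client_version_ok "$1" "$2"; then
    echo "ok: client $1 is within one major version of cluster $2"
  else
    echo "fail: client $1 is outside the supported range for cluster $2"; rc=1
  fi
  tpm_access_ok "${3:-/dev/tpmrm0}" && echo "ok: TPM device is accessible" || rc=1
  return "$rc"
}

# Run the checks only when versions are passed on the command line.
[ "$#" -eq 0 ] || preflight "$@"
```

Pass the client version you installed as the first argument and the `TELEPORT_VERSION` value obtained with the `curl` command above as the second.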
